Privacy Policy

Last updated: June 17, 2026

This Privacy Policy describes how PiCluster Finance Sync ("the application", "we", "I") handles data. PiCluster Finance Sync is a personal, single-user financial tracking tool built and operated by one individual for their own private use. It is not a commercial product, is not offered to the public, and has no users other than its operator.

What data is accessed

The application connects to a single personal bank account (DKB) through Enable Banking, a PSD2-licensed open banking provider, via the Firefly III Data Importer. Through this connection, it reads account and transaction data — such as account balances, transaction amounts, dates, and counterparty descriptions — that is necessary to track personal income and expenses.

No other categories of data are accessed. The application does not collect data from any other individual, and it is not used by, or on behalf of, anyone other than its operator.

Why the data is accessed

The sole purpose of accessing this data is personal expense tracking and budgeting. The transaction data is imported into Firefly III, a personal finance manager, so the operator can categorize spending and review their own financial history.

Where the data is stored

All imported data is stored exclusively on a self-hosted Firefly III instance running on the operator's own home Kubernetes cluster. The operator controls this infrastructure directly. Data is:

• Never shared with, or accessible to, any third party
• Never sold
• Never used for advertising, marketing, or analytics purposes
• Not processed or stored by any cloud service other than the operator's own infrastructure

Enable Banking, as the regulated PSD2 provider that brokers the connection to the bank, processes data only to the extent necessary to relay it from the bank to the application, in accordance with its own role under PSD2 and its own privacy practices.

Single-user, personal nature of this application

PiCluster Finance Sync is built for, and used by, exactly one person: its operator, who is also the account holder of the bank account being accessed. There is no registration, no other accounts, and no public access of any kind. This policy exists to satisfy Enable Banking's application registration requirements, not because the application serves an external user base.

Data retention and deletion

Because the data in question is the operator's own personal financial records, it is retained indefinitely in the self-hosted Firefly III instance, under the operator's own control, for as long as the operator finds it useful. Since the operator is both the data subject and the data controller, deletion is entirely within their own control and can be carried out directly within the Firefly III instance or by revoking the Enable Banking connection at any time.

Contact

Questions about this policy or about data handling can be directed to: dataprotection@norval.dev